Content receiving apparatus and method, storage medium, and server

ABSTRACT

A content receiver is compatible with a plurality of rights management and protection methods (RMP) devised for each content distribution system. Only the format which specifies the specification of the RMP formed of information such as content billing, security, and copyright protection, is standardized. Each content provider inputs encrypted content and rights processing information to content in a form conforming to the standardized specification. For content users, by merely being provided with functions corresponding to each RMP method in advance, even if the content is based on any RMP method, the content can be decrypted and used in the same content receiver.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority from Japanese Application No.P2000-316395 filed Oct. 17, 2000, the disclosure of which is herebyincorporated by reference herein.

BACKGROUND OF THE INVENTION

The present invention relates to a content receiving apparatus and acontent receiving method for receiving content distributed via broadcastwaves, a network, etc., and, particularly, relates to a contentreceiving apparatus and a content receiving method with which a specificuser receives chargeable content distributed in an encrypted form, suchas movies and music.

More particularly, the present invention relates to a content receivingapparatus and a content receiving method for receiving encrypted contentwhich is distributed by a content producer/provider of movies and musicthrough an intermediary, such as a broadcaster and an Internet serviceprovider, and, particularly, relates to a content receiving apparatusand a content receiving method for receiving content in a form in whichbilling for content use and security can be controlled by the contentproducer/provider itself.

With the recent innovation of information technology, various media,such as movies and music, have been handled as digitized content on aninformation device such as a computer. Furthermore, with the advances ininformation communication technology, this content can be distributed byusing a broadcast using satellite or terrestrial waves or by using awide-area network such as the Internet.

Distribution of video content and music content has already beenperformed in some places. By using content distribution technology,conventional commodity distribution channels and physical media can beignored. It is also possible for a consumer at a remote location toeasily obtain desired video and music software. Furthermore, from thestandpoint of the content producer/provider, since high profits are madefrom quick and efficient content sales, content production enthusiasmincreases, and this leads to the development of the entire industry.

For example, in a server-type/storage-type broadcasting system on aprecondition that a television receiver contains a large-capacity harddisk device, profits can be surely realized by distributing content,such as movies, which is encrypted by a broadcasting station and othercontent distributors, and by billing a content purchaser when a key fordecrypting encryption is distributed to a content purchaser, that is, aviewer.

Such a content receiving method is also called a “CAS (ConditionalAccess System)”. FIG. 14 shows the overall construction of a CAS-basedcontent distribution system.

The content distribution system shown in FIG. 14 is constituted of threeparties: a content provider which produces or provides content fordistribution, such as video and music; a content distributor fordistributing to users content provided by the content provider viabroadcast waves and a network; and consumers who receive content, thatis, ordinary users.

The content distributor is constituted of, for example, a broadcasterusing a broadcasting satellite such as a BS (Broadcasting Satellite) ora CS (Communication Satellite), a broadcaster using terrestrial waves,and an Internet service provider which manages connection services tothe Internet and services for providing various information content onthe Internet.

Ordinary users have a content receiver installed, for example, in one'sown household for receiving the distributed content. The contentreceiver for receiving content via broadcast waves may be, for example,a television receiver such as an STB (Set Top Box). Furthermore, thecontent receiver for receiving content via the Internet may be, forexample, an ordinary computer system such as a personal computer (PC).It is preferable that the content receiver have a built-in hard diskdevice and be a storage-type broadcast-compatible receiver capable ofstoring large amounts of video and music contents over a long period oftime.

In order for the content receiver to receive content via broadcastwaves, the content receiver must include a CAS (Conditional AccessSystem) card corresponding to each broadcaster. Furthermore, in order toreceive content via the Internet, it is necessary to obtain a useraccount (user entitlement) in advance from a predetermined Internetservice provider and is necessary to connect to the Internet via anearby access point when content is purchased.

In order for the broadcaster to collect costs required for contentdistribution and profits, for example, the time in which a CAS card (ora receiver in which CAS is contained) is purchased may be used.Furthermore, in order to collect costs required for content distributionand profits, for example, money corresponding to a content use fee maybe added to the subscription which is paid monthly. However, the billingmethod by a CAS system and a user account aims to control billing forindividual consumers, that is, content users, by a content distributor,and is not under the control of a content provider. In other words, thecontent provider cannot secure an individual profit even if the CAS ofthe content distributor itself is used.

In order for the content provider to collect a content use fee fromordinary users, the content provider itself may devise a contentproviding method (hereinafter referred to as an “RMP (Rights Management& Protection)” for content billing, security, and copyright protection.The RMP, more specifically, includes indispensable items for purchasingcontent and using content, such as an encryption method, a keydistribution method, a content encryption/decryption method, a billinginformation and keys transmission method, recording medium controlinformation, a mutual authentication method, APS (Analog ProtectionSystem: macrovision, CGMS (Copy Generation Management System), etc.),and viewing limitation information. On the side of contentusers/consumers, by being provided with a content receiver in which anRMP module corresponding to a content provider is mounted, distributedcontent in which the content provider is a supply source is purchasedsuccessfully, and can be used, that is, viewed. Furthermore, collectivemanagement of billing information may be entrusted to a settlementorganization, such as a management center, other than a contentprovider.

However, for the RMP method regarding content billing, security, andcopyright protection, generally, the current situation is that the RMPmethod is devised individually for each content distribution systemprovided by each content provider. In an environment in which aplurality of methods coexist, things fall into a state in which, evenwith the same music content distribution or movie content distribution,if the content distribution system differs, the content cannot bedecrypted on the same content receiver, that is, the content cannot beused.

For example, if a content user tries to purchase content from aplurality of content providers, that is, distribution systems, hardwareor software of a content receiver must be provided for each distributionsystem, causing inconvenience for users or necessitating extra expenses.Furthermore, if restrained purchasing of users occurs as a naturalconsequence of the content purchasing method being troublesome, theprofits of the content providing/distribution business become stagnated,and the entire business will cool down.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a superior contentreceiving apparatus and a superior content receiving method with which aspecific user can suitably receive chargeable content, such as moviesand music, distributed in an encrypted form.

Another object of the present invention is to provide a superior contentreceiving apparatus and a superior content receiving method which arecapable of suitably receiving encrypted content distributed by a contentproducer/provider of movies and music via an intermediary such as abroadcaster or an Internet service provider.

Another object of the present invention is to provide a superior contentreceiving apparatus and a superior content receiving method which arecapable of suitably receiving content distributed in a form in whichbilling for content use and security can be controlled by the contentproducer/provider itself.

Another object of the present invention is to provide a superior contentreceiving apparatus and a superior content receiving method which arecompatible with a plurality of RMP (Rights Management & Protection)methods which are devised for each content distribution system.

The present invention is made in view of the above-described objects.According to a first aspect of the present invention, there is provideda content receiving apparatus including a receiver operable to receivecontent distributed in accordance with a rights management andprotection method; an identification unit operable to identify therights management and protection method for the received content; and arights processing unit operable to perform rights processing of thereceived content in accordance with the identified rights management andprotection method.

A content producer/provider distributes content in a protected form suchas encryption in accordance with a rights management and protectionmethod called “RMP”. Generally, a different rights management andprotection method is adopted by each content producer/provider.

According to the content receiving apparatus in accordance with thefirst aspect of the present invention, by standardizing only the formatwhich specifies the specification of the rights management andprotection method, it is possible for the identification unit toidentify the rights management and protection method of the receivedcontent, and it is possible for the rights processing unit to performrights processing of the received content by selectively using theidentified rights management and protection method.

Therefore, by merely providing functions that correspond to each rightsmanagement and protection method in advance, even when contentconforming to any rights management and protection method is received,it is possible to deal with a plurality of different contentdistribution methods by using one content receiver. That is, content canbe decrypted and used on the same content receiver, obviating the needto provide a device such as a receiver for each distribution system.

Furthermore, among content producers/providers/distributors, competitionover the standardization of the content distribution method, such as theRMP specification description, can be lessened. Furthermore,compatibility and flexibility of distributed content among contentproducers/providers/distributors can be improved. Also, from thestandpoint of content users, convenience is improved.

The rights management and protection method referred to herein specifiesindispensable items for purchasing content and using content, such as acontent encryption method, a key distribution method, a contentdecryption method, a billing information and keys transmission method,recording medium control information, a mutual authentication method,APS (Analog Protection System: macrovision, CGMS (Copy GenerationManagement System), etc.), and viewing limitation information.

The content receiving apparatus may include a plurality of types ofrights management and protection modules in advance. In such a case, itis possible for the rights processing unit to select a predeterminedtype of the rights management and protection modules based on theidentified rights management and protection method in order to performrights processing of the received content.

Alternatively, the content receiving apparatus may further include arights management and protection module acquiring unit operable toexternally acquire a rights management and protection module. In such acase, it is possible for the rights management and protection moduleacquiring unit to externally acquire a selected rights management andprotection module based on the identified rights management andprotection method, and for the rights processing unit to perform rightsprocessing of the received content by using the selected rightsmanagement and protection module.

Alternatively, the content receiving apparatus may further include arights management and protection module creation unit operable toautomatically create a selected rights management and protection modulebased on the identified rights management and protection method. In sucha case, it is possible for the rights processing unit to perform rightsprocessing of the received content by using the selected rightsmanagement and protection module.

The content receiving apparatus may further include a content storageunit operable to store received content. For example, content beforerights processing by the rights processing unit or content after rightsprocessing may be stored in the content storage unit.

The content received by the receiver is encrypted in advance, forexample, by a predetermined key. In such a case, the rights processingunit may decrypt the received encrypted content, may reencrypt it usinganother key, and, thereafter, may store the reencrypted content in thecontent storage unit. With such a construction, the content after rightsprocessing can be protected even more.

The content received by the receiver is distributed in a form encryptedby, for example, a predetermined key. Furthermore, the receiver receivesthe predetermined key encrypted by a second key. In such a case, therights processing unit may decrypt the encrypted predetermined key, mayreencrypt the decrypted key using another key, and, thereafter, maystore the reencrypted key, together with the encrypted content, in thecontent storage unit. With such a construction, the content after rightsprocessing can be protected even more.

The rights processing unit may store a log of rights processing of thereceived content. In such a case, for example, by transmitting thestored log to a predetermined settlement organization periodically ornon-periodically, it is possible for the settlement organization toperform an accurate billing process.

The rights processing unit may perform an APS (Analog Protection System)process on a playback signal of content after rights processing based onthe identified rights management and protection method, and mayexternally output the playback signal. In such a case, it is possible toprotect video playback signals after rights processing.

The rights processing unit may encrypt the content after rightsprocessing, and may externally output the content. In such a case, it ispossible to protect content even when content is to be transferred toanother information device via a home network such as, for example, IEEE1394, and even when content is to be transmitted to a computer systemsuch as a personal computer (PC) via a LAN and is processed using anapplication.

According to a second aspect of the present invention, there is provideda content receiving method. The content receiving method includesreceiving content distributed in accordance with a rights management andprotection method; identifying the rights management and protectionmethod for the received content; and performing rights processing of thereceived content in accordance with the identified rights management andprotection method.

According to the content receiving method of the present invention, bystandardizing only the format which specifies the specification of therights management and protection method, it is possible for theidentification step to identify the rights management and protectionmethod of the received content, and it is possible for the rightsprocessing step to perform rights processing of the received content byselectively using the identified rights management and protectionmethod.

In the rights processing step, a predetermined type of rights managementand protection module may be selected based on the identified rightsmanagement and protection method, and rights processing of the receivedcontent may be performed in accordance with the predetermined type ofrights management and protection module.

The content receiving method may further include externally acquiring aselected rights management and protection module based on the identifiedrights and management and protection method. In such a case, in therights processing step, rights processing of the received content may beperformed by using this selected rights management and protectionmodule.

The content receiving method may further include automatically creatinga rights management and protection module based on the identified rightsmanagement and protection method. In such a case, in the rightsprocessing step, rights processing of the received content may beperformed by using this selected rights management and protectionmodule.

The content receiving method may further include storing receivedcontent. For example, content before rights processing or content afterrights processing in the rights processing step may be stored.

The content receiving step may include receiving content encrypted by apredetermined key. In such a case, the content receiving method mayfurther include decrypting the encrypted content; reencrypting thedecrypted content using another key; and storing the reencryptedcontent.

The content receiving step may include receiving content encrypted by apredetermined key and receiving the predetermined key encrypted by asecond key. In such a case, the content receiving method may furtherinclude decrypting the encrypted predetermined key; reencrypting thedecrypted key using another key; and storing the reencrypted keytogether with the encrypted content.

The content receiving method may further include storing a log of rightsprocessing of the received content. In such a case, for example, bytransmitting the stored log to a predetermined settlement organizationperiodically or non-periodically, it is possible for the settlementorganization to perform an accurate billing process.

The content receiving method may further include performing an APS(Analog Protection System) process on a playback signal of content afterrights processing based on the identified rights management andprotection method, and externally outputting the playback signal.

The content receiving method may further include encrypting contentafter rights processing, and externally outputting the content.

According to a third aspect of the present invention, there is provideda storage medium having physically recorded thereon, in acomputer-readable form, a program for receiving content, the programincluding receiving content distributed in accordance with a rightsmanagement and protection method; identifying the rights management andprotection method for the received content; and performing rightsprocessing of the received content in accordance with the identifiedrights management and protection method.

The storage medium in accordance with the third aspect of the presentinvention is, for example, a medium for physically providing computersoftware in a computer-readable form to a general-purpose computersystem which is capable of executing various program codes. Such amedium is, for example, a removable and portable storage medium, such asa CD (Compact Disc), an FD (Floppy Disc), and an MO (Magneto-OpticalDisc). Alternatively, it is technically possible to provide computersoftware in a computer-readable form to a specific computer system via atransmission medium, such as a network (it does not matter whether thenetwork is a wireless one or a wired one).

Such a medium is such that structural or functional cooperationrelationships between computer software and the storage medium forrealizing the functions of predetermined computer software in a computersystem are defined. In other words, by installing predetermined computersoftware onto a computer system via a storage medium in accordance withthe third aspect of the present invention, cooperative operations areexhibited in the computer system, and operational effects similar to thecontent receiving apparatus and the content receiving method inaccordance with the first and second aspects of the present inventioncan be obtained.

According to a fourth aspect of the present invention, there is provideda server including means for storing a plurality of types of rightsmanagement and protection modules corresponding to respective rightsmanagement and protection methods; and means for transmitting a selectedone of the rights management and protection modules in response to arequest containing information identifying the selected rightsmanagement and protection module.

According to a fifth aspect of the present invention, there is provideda server including means for storing a plurality of types of rightsmanagement and protection modules corresponding to respective rightsmanagement and protection methods; means for selecting one of the rightsmanagement and protection modules based on identification information;and means for converting content by using the selected rights managementand protection module.

Further objects, features and advantages of the present invention willbecome apparent from the following description of the preferredembodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a conceptual construction of an RMP module;

FIG. 2 schematically shows the construction of a content receiver in aform in which a plurality of hardware RMP modules each having adifferent RMP specification implemented therein are provided in advance,and the switching to a compatible hardware RMP module for use is madefor each received content;

FIG. 3 schematically shows another example of the construction of acontent receiver in a form in which a plurality of hardware RMP moduleseach having a different RMP specification implemented therein areprovided in advance, and the switching to a compatible hardware RMPmodule for use is made for each received content;

FIG. 4 schematically shows another example of the construction of acontent receiver in a form in which a hardware RMP module is formed as asoftware module, and a compatible software module is downloaded for eachreceived content from a predetermined server;

FIG. 5 is a flowchart showing a processing procedure for downloading anRMP module to the content receiver of FIG. 4;

FIG. 6 is a flowchart showing a processing procedure for automaticallycreating a software RMP module within the content receiver of FIG. 4;

FIG. 7 shows the general construction of a content distribution system;

FIG. 8 schematically shows the construction of a broadcasting stationfor producing and distributing content;

FIG. 9 schematically shows the construction of an example contentreceiver 400A for receiving distributed content which is carried asbroadcast waves;

FIG. 10 schematically shows the construction of another example contentreceiver 400B for receiving distributed content which is carried asbroadcast waves;

FIG. 11 is a flowchart showing another example of a processing procedurefor storing received content in a hard disk device in the contentreceiver 400A shown in FIG. 9;

FIG. 12 schematically shows the construction of another example contentreceiver 400C for receiving distributed content which is carried asbroadcast waves;

FIG. 13 schematically shows the construction of another example contentreceiver 400D for receiving distributed content which is carried asbroadcast waves; and

FIG. 14 shows the general construction of a CAS-based contentdistribution system.

DETAILED DESCRIPTION

In the embodiments (to be described below) of the present invention, adescription will be given of a content receiving apparatus which iscompatible with a plurality of RMPs which are devised for each contentdistribution system.

RMP is an abbreviation for rights management & protection, and is aconcept used in the TV Anytime Forum. Problems in businesses whichdistribute content via broadcasts and networks are unauthorized use ofcontent, viewing without paying a fee, and listening without paying afee. If these types of fraudulent acts prevail, proper profits of thecontent producer/provider/distributor are not ensured, which is ofcritical importance for the business. In other words, content use rightsmanagement and protection is necessary, and the RMP takes charge ofthis.

The RMP, more specifically, includes indispensable items for purchasingcontent and using content, such as an encryption method, a keydistribution method, a content encryption/decryption method, a billinginformation and key transmission method, recording medium controlinformation, a mutual authentication method, APS (Analog ProtectionSystem: macrovision, CGMS (Copy Generation Management System), etc.),and viewing limitation information.

Only the formatting which specifies the specification of the RMPcomposed of these items may be standardized, so that each contentdistributor need only input encrypted content and rights processinginformation into the content in a form conforming to the specification.In such a case, from the standpoint of consumers who receive and usecontent, that is, content users, by being provided with a plurality offunctions corresponding to individual RMP methods, even if the contentis based on any RMP method, it is possible to decrypt and use thecontent on the same content receiver.

The RMP specification can be described, for example, as a part ofmetadata associated with distributed content. Hereinafter, that portionof the metadata which is related to the RMP specification description iscalled “rights processing metadata”. For example, in the case of digitalbroadcasts, metadata can be distributed as data for data broadcasts,which is associated with the main part of a broadcast program.

FIG. 1 shows a conceptual construction of an RMP module. The RMP moduleis used by being built in a content receiver in the form of an STB (SetTop Box) and in other forms, and can be mounted using a predeterminedhardware or software module. As shown in FIG. 1, the RMP module isformed to have several interfaces for performing data input/output withrespect to received content.

Content received via a broadcast such as satellite waves or terrestrialwaves or content downloaded via a network such as the Internet is storedin a large-capacity storage device, such as a hard disk device, togetherwith metadata. The RMP module inputs received content in a state beforerights processing via a hard disk device or directly without goingthrough a hard disk device.

The main part of the content, such as video and music, is encrypted inadvance for the purpose of content protection. Therefore, a decryptorfor decrypting the encrypted content is necessary, and the RMP modulehas an encrypted-content input interface for inputting encrypted contentin accordance with a specified encryption algorithm.

Also, metadata is distributed in such a manner as to correspond to eachcontent, with information indicating a rights process for content andnecessary rights protection, that is, rights processing metadata, beingcontained therein.

The rights processing metadata contains keys for decrypting content,content purchasing conditions, use conditions, and copy controlinformation for decrypted content. The RMP module has a rightsprocessing metadata input interface for inputting information regardingrights processing and protection in accordance with a specified format.

The distributed content is encrypted, for example, using a content key,and this content key is transmitted together with encrypted content in aform in which the content key is further encrypted using a distributionkey. Within the RMP module, the distribution key is held, allowing theencrypted content key to be decrypted using this distribution key andfurthermore allowing the encrypted content to be decrypted using thedecrypted content key. According to such an encryption and transmissionmethod, content distribution can be performed safely while changing thecontent key for each content, and since the RMP module holds a singledistribution key, the encrypted content can be decrypted and used. Therights processing metadata input interface of the RMP module may inputthe encrypted content key as rights processing metadata.

Furthermore, the specification regarding billing for content use,devised by the content producer/provider, may also be contained in therights processing metadata, and the rights processing metadata inputinterface of the RMP module may input this data.

For the specification regarding billing, for example, price information,and use conditions (playback billing for each time, a limitation of thenumber of times in which a playable number of times is prespecified, alimitation of the period in which playback is possible up to apredetermined date, etc.) can be specified.

For a billing process with respect to a content user, a settlementorganization, such as a management center, other than a contentproducer/provider/distributor, may be set up. The RMP module has abilling process interface which is connected to such a management centerin order to conduct transactions regarding billing and settlement. TheRMP module creates a billing log, for example, each time content storedon the hard disk device is played back, and connects to the managementcenter at predetermined time intervals in order to transmit the log. Inresponse, the management center can perform billing and a settlementprocess on the basis of the log sent from each content user.

The RMP module, as has already been stated, has an encrypted contentinterface for inputting received content before rights processing. TheRMP module has an interface for storing content after rights processingagain on a hard disk device for the purpose of using content for severaltimes, and an interface for storing content after rights processing onremovable media such as a DVD (Digital Versatile Disc) for the purposeof permanently or semi-permanently storing content. Such an interfacefor storing and playing back content after rights processing can specifycontrol for media during encryption of content for storage and duringdecryption at playback time, presence or absence of authentication formedia, and an authentication method.

Also, the RMP module has an external output interface for playing backreceived content or content read from the hard disk device or aremovable medium on a display or other external devices. In the exampleshown in FIG. 1, an analog output interface for displaying andoutputting a video signal on a display, and a digital output interfacefor transferring content to an external device via a home network suchas IEEE 1394 are provided. For the analog output interface, APS (AnalogProtection System) is adopted to protect content in analog form. The APSincludes macrovision, CGMS (Copy Generation Management System)-A forembedding copy control information to a predetermined scanning line in avertical retrace interval, SCMS (Single Copy Management System), etc.Also, the digital output interface can perform control of authenticationbus encryption, such as 1394CP, in addition to transmission contentencryption.

Also, by transferring content after rights processing, a process using adesired application can be performed on an information processing devicesuch as a personal computer (PC). In the example shown in FIG. 1, theRMP module has a host/application interface for outputting content to anexternal information processing device. The host/application interfaceperforms control such as the encryption of transmission content.

The RMP module may be realized by implementing a dedicated hardwarecomponent or by executing predetermined program code on ageneral-purpose processor. The specification regarding the RMP can bedistributed as rights processing metadata in such a manner as to beassociated with the distributed content (described above).

An example of the RMP specification description format is shown below.

RMP ID: : =INTEGER{XXXXXXXX} Contents Encryption Algorithm: :=SEQUENCE{algorithm 3DES developer Public download URL key length 112 key party 16 key name Content Key } Content Key Encryption Algorithm: :=SEQUENCE{ algorithm DES developer Public download URL key length 56 keyparty  8 key name1 Distribution Key 19 key name2 Storage Key }Distribution Key Encryption Algorithm: : =SEQUENCE{ algorithm None }Storage Key Encryption Algorithm: : =SEQUENCE{ algorithm None }Authentication Algorithm: : =SEQUENCE{ algorithm DES developer Publicdownload URL ECC parameter p xxxxxxxxxxxxxxxx ECC parameter axxxxxxxxxxxxxxxx ECC parameter b xxxxxxxxxxxxxxxx ECC parameter gxxxxxxxxxxxxxxxx ECC parameter r xxxxxxxxxxxxxxxx key length 224 keyparty  0 } Log Format: : =SEQUENCE{ log serial number xxxxxxxx purchasedate yyyy:mm:dd purchase time hh:mm:ss content ID xxxxxxxxxx purchasecondition xxx purchase limitation xxxxxx purchase price xxxxxx copypermission xx }

For the RMP specification description format shown in the foregoing, inaddition to the identification information (RMP ID) for identifying theRMP method being contained at the beginning, an encryption algorithm forencrypting distributed content, an encryption algorithm for encrypting acontent key Ks used to encrypt distributed content, an encryptionalgorithm for encrypting a distribution key Kd which is used duringcontent distribution, a storage key Kst used to store distributedcontent, and a format for storing a log can be specified. For theencryption method, generally, DES (Data Encryption Standard), Multi2,etc., is used.

The specification description as the RMP is devised for each contentproducer/provider. Conventionally, since the RMP is fixed and used foreach content distribution system, in order to receive content from aplurality of systems, extra expenses, such as a new content receiver foreach system, are necessary. In comparison, in the present invention, asa result of specifying the specification description of the RMP and aninterface for inputting to the RMP, by decrypting the specification orby obtaining an RMP module conforming to the specification, on the samecontent receiver, content billing in a plurality of content distributionsystems, a security method such as encryption, and a copyrightprotection method can be dealt with.

One embodiment of the present invention is such that, within a contentreceiver or a content recording/playback device, a plurality of hardwareRMP modules each having a different RMP specification implementedtherein are provided in advance, and the switching to a compatiblehardware RMP module for use is made for each received content.

Another embodiment of the present invention is such that an RMP moduleis formed as a software module, and a compatible software module isdownloaded for each received content from a predetermined server, orrights processing metadata is analyzed to automatically create a desiredsoftware module on the content receiver side.

FIG. 2 schematically shows the construction of a content receiver 10 ina form in which a plurality of hardware RMP modules each having adifferent RMP specification implemented therein are provided in advance,and the switching to a compatible hardware RMP module for use is madefor each received content.

The content receiver 10 shown in FIG. 2 comprises a front-end section11, a CAS processing section 12, hard disk devices 13A and 13B forstoring content, an RMP identification section 14, and two (plurality)RMP modules 1 and 2, each of which is based on a different RMPspecification description.

The front-end section 11 performs a process for tuning in to broadcastwaves of a predetermined channel, that is, a station-selection process,and a process of demodulating received data.

The CAS processing section 12 descrambles a scrambling process appliedto broadcast content on the basis of a contract concerning CAS(Conditional Access System) exchanged with the content distributor. Fordigital broadcasting in Japan, a common scrambling method called“Multi2” is adopted for both BS and CS. However, since the CAS processitself is not related to the scope and spirit of the present invention,no further description is given here.

The hard disk devices 13A and 13B are used to store received content.More specifically, one of the hard disk devices 13A is used to storecontent in a state before rights processing by the RMP module, and theother hard disk device 13B is used to store content in a state afterrights processing. However, the hard disk devices 13A and 13B need notbe devices which are physically independent of each other, and may be,for example, separate storage areas (partitions) which are assigned to asingle hard disk.

In this embodiment, the RMP, which is written as a part of the rightsprocessing metadata, is assigned unique identification information (RMPID) for identifying the method thereof. The RMP identification section14 reads rights processing metadata from the hard disk device 13A,identifies the RMP ID, and causes one of two (plurality) RMP modules 1and 2, that corresponds to the identified RMP ID, to be operable.

The RMP module 1 and the RMP module 2 have several interfaces (describedabove) for processing encrypted content such as movies and music, andthe rights processing metadata associated with content. The RMP module 1or the RMP module 2 activated by the RMP identification section 14operates according to the RMP specification description written as therights processing metadata, and performs content processing, such asdecryption of encrypted content, external output as playback content,and storage onto the hard disk device 13B and a removable medium.

FIG. 3 schematically shows the construction of a content receiver 20according to another embodiment. The content receiver 20 is formed suchthat a plurality of hardware RMP modules each having a different RMPspecification implemented therein is provided in advance, and theswitching to a compatible hardware RMP module for use is made for eachreceived content.

In the example shown in FIG. 3, the content receiver 20 is formed insuch a way that a front-end section 21, a hard disk device 23, an RMPidentification section 24, RMP modules 1 and 2, and a decoder outputdevice 25 are interconnected with each other via the same data bus 26.

The front-end section 21 performs a process for tuning in to broadcastwaves of a predetermined channel, that is, a station-selection process,and a process of demodulating received data. Although not shown, in acase where content is to be received from a predetermined serviceprovider via a wide-area network such as the Internet, instead ofthrough the medium of broadcast waves, the front-end section 21 can berealized by a network interface card.

The hard disk device 23 is used to store content in a state beforerights processing by the RMP module or content in a state after rightsprocessing.

The RMP which is written as rights processing metadata is assignedunique identification information (RMP ID) for identifying the methodthereof. The RMP identification section 24 reads rights processingmetadata from the hard disk device 23, identifies the RMP ID, and causesone of two (plurality) RMP modules 1 and 2, that corresponds to theidentified RMP ID, to be operable.

The RMP module 1 and the RMP module 2 have several interfaces (describedabove) for processing encrypted content such as movies and music, andrights processing metadata associated with content. The RMP module 1 orthe RMP module 2 activated by the RMP identification section 14 operatesaccording to the RMP specification description written as rightsprocessing metadata, and performs content processing, such as decryptionof encrypted content, external output as playback content, and storageonto the hard disk device 23 and a removable medium. In a case wherecontent is to be received from a content distributor adopting a CASmethod, a CAS module for performing the correspondingdecryption/descrambling process may be mounted on the RMP module.

The decoder output device 25 performs a decoding process for decodingplayback content after rights processing, and external output. Forexample, in the case of AV content, the decoder output device 25separates the content into compressed video data and compressed audiodata. Then, the MPEG2-compressed video data is decompressed so that theoriginal video signal is played back, and for the compressed audio data,after the data is PCM (Pulse Code Modulation)-decoded, it is combinedwith additional sound in order to form a playback audio signal.

FIG. 4 schematically shows the construction of a content receiver 30according to another embodiment. The content receiver 30 is formed suchthat an RMP module is formed as a software module, so that a softwaremodule compatible with each received content is downloaded from apredetermined server.

As shown in FIG. 4, the content receiver 30 is constructed in such a waythat a front-end section 31, a CPU (Central Processing Unit) 32, harddisk devices 33A and 33B, an RMP identification section 34, a workmemory 35, a decoder output device 36, and a network interface 37 areinterconnected with each other via a system bus 38.

The front-end section 31 performs a process for tuning in to broadcastwaves of a predetermined channel, that is, a station-selection process,and a process of demodulating received data.

The network interface 37 is a device for connecting the content receiver30 to a wide-area network such as the Internet in accordance with apredetermined communication protocol such as TCP/IP (TransmissionControl Protocol/Internet Protocol). An unlimited number of hostterminals are connected on the Internet. Some of the host terminals areinformation distribution servers for distributing content such as moviesand music, and the others are servers for distributing a software RMPmodule. In a case where, instead of receiving content via a broadcast,content is to be received from a predetermined service provider via awide-area network such as the Internet, the front-end section 31 can berealized by the network interface 37.

The CPU 32 is a central controller for centrally controlling theoperation inside the content receiver 30 under the control of theoperating system (OS), and executes various program codes by using thework memory 35.

The hard disk device 33A is used to store content in a state beforerights processing by the RMP module, and to store content in a stateafter rights processing. The hard disk device 33B is used to store asoftware RMP module which was used before (or which was downloaded inadvance). The hard disk devices 33A and 33B need not be devices whichare physically independent of each other, and may be, for example,storage areas (for example, partitions) which are separated on a singlehard disk.

The RMP described as rights processing metadata is assigned uniqueidentification information RMP ID for identifying the method thereof.The RMP identification section 34 reads rights processing metadata fromthe hard disk device 33A, identifies the RMP ID, and detects whether ornot the relevant software RMP module is loaded into the work memory 35and is currently in use. The RMP identification section 34 can beimplemented as program code to be executed by the CPU 32, rather than asa hardware component.

When the software RMP module in the work memory 35 does not match theRMP ID regarding content to be played back going forward, the relevantsoftware RMP module is searched for on the local disk 33B, and when thesoftware RMP module is found, it replaces that in the work memory 35.When the relevant software RMP module cannot be found on the local disk33B, the server on the network is accessed via the network interface 37so that the desired software RMP module can be searched for.

By executing the software RMP module loaded into the work memory 35, theCPU 32 operates according to the RMP specification description writtenas rights processing metadata, so that content processing, such asdecryption of encrypted content, external output as playback content,and storage onto the hard disk device 33A and a removable medium, can beperformed. When content is to be received from a content distributoradopting a CAS method, a CAS module for performing the correspondingdecryption/descrambling process may be loaded similarly into the workmemory 35.

The decoder output device 36 performs a decoding process for decodingplayback content after rights processing, and external output. Forexample, in the case of AV content, the decoder output device 36separates the content into compressed video data and compressed audiodata. Then, the MPEG2-compressed video data is decompressed so that theoriginal video signal is played back, and for the compressed audio data,after it is PCM (Pulse Code Modulation)-decoded, it is combined withadditional sound in order to form a playback audio signal.

FIG. 5 shows, in a flowchart, a processing procedure for downloading asoftware RMP module to the content receiver 30. A description will nowbe given below of a downloading process of downloading a software modulein accordance with this flowchart.

When the playback of the content stored in the hard disk device 33A isto be started, corresponding rights processing metadata is similarlyread from the hard disk device 33A in order to obtain the RMP ID of theRMP module (step S1). Then, it is checked whether or not this RMP IDmatches that of the RMP module which is currently loaded into the workmemory 35 (step S2).

When the RMP ID matches, that is, the RMP module of the content to beplayed back going forward has already been loaded into the work memory35, then a connection is established with the management center. After abilling process regarding the purchase of content is performed inaccordance with the RMP specification description (step S3), contentplayback is performed (step S4), and this entire processing routine isterminated.

When, on the other hand, the RMP ID does not match, the RMP sourceinformation is obtained (step S5), a connection is made with the serverwhich is the RMP source (step S6), and the corresponding software RMPmodule is downloaded from this server (step S7). Then, the downloadedsoftware RMP module is installed into the content receiver 30 (forexample, loaded into the work memory 35) (step S8).

The RMP source information is written in, for example, URL (UniformResource Locator) format within the rights processing metadata. In sucha case, the content receiver 30 can access the resources with respect tothe server indicated by the URL via a TCP/IP network such as theInternet via the network interface 37 so as to download thecorresponding RMP module in accordance with a transfer protocol such asHTTP (Hyper Text Transfer Protocol) or FTP (File Transfer Protocol).

As a result of installing a new software RMP module, the contentreceiver 30 can operate according to the RMP specification descriptionwritten as rights processing metadata, so that content processing, suchas decryption of encrypted content, external output as playback content,and storage onto the hard disk device 33A and a removable medium, can beperformed.

Then, a connection is established with the management center. After abilling process regarding the purchase of content is performed inaccordance with the RMP specification description (step S3), contentplayback is performed (step S4), and this entire processing routine isterminated.

In a modification in which an RMP module is formed as a software module,it is also possible for the CPU 32 (or another processing unit) toanalyze the RMP specification description within the rights processingmetadata and to automatically create a desired software RMP modulewithin the content receiver 30.

FIG. 6 shows, in a flowchart, a processing procedure for automaticallycreating a software RMP module within the content receiver 30. Adescription will now be given below of a process of automaticallycreating a software RMP module in accordance with this flowchart.

When the playback of the content stored in the hard disk device 33A isto be started, the corresponding rights processing metadata is similarlyread from the hard disk device 33A in order to obtain the RMP ID of theRMP module (step S11). Then, it is checked whether or not this RMP IDmatches that of the RMP module which is currently loaded into the workmemory 35 (step S12).

When the RMP ID matches, that is, the RMP module of the content to beplayed back going forward has already been loaded into the work memory35, then a connection is established with the management center. After abilling process regarding the purchase of content is performed inaccordance with the RMP specification description (step S13), contentplayback is performed (step S14), and this entire processing routine isterminated.

When, on the other hand, the RMP ID does not match, informationregarding the RMP specification description is obtained from the rightsprocessing metadata (step S15). Then, it is checked whether or not thecomputing power of the content receiver 30 (for example, the calculationperformance possessed by the CPU 32) is sufficient to create an RMPmodule (step S16).

When the computing power is insufficient, after a message informing thatthe playback of content is impossible is displayed (step S19), thisprocessing routine is terminated abnormally.

When, on the other hand, the computing power is sufficient, the RMPspecification description is decrypted (step S17), and the RMP is set inthe work memory 35 (step S18). As a result of newly setting the RMP, thecontent receiver 30 can operate according to the RMP specificationdescription written as rights processing metadata, so that contentprocessing, such as decryption of encrypted content, external output asplayback content, and storage onto the hard disk device 33A and aremovable medium, can be performed.

Then, a connection is established with the management center. After abilling process regarding the purchase of content is performed inaccordance with the RMP specification description (step S13), contentplayback is performed (step S14), and this entire processing routine isterminated.

When an RMP module is formed as a hardware module, the module cannot beeasily replaced with another RMP module in comparison with a case inwhich a module is implemented using software. In such a case, the servermay be provided with a mechanism in which the module is replaced with anRMP corresponding to the receiver. For example, the content receiverinquires the server using the ID of the content so as to request theconversion of content. If the rights processing conditions aresatisfied, conversion into a predetermined RMP is possible, and bydownloading the converted content (or it may be that the same contenthas been provided in advance) into the content receiver of the requestsource, it is possible to realize the decryption and playback of thedesired content.

Next, a description is given of an embodiment in a case where thepresent invention is applied to a content distribution system in which acontent provider performs content distribution using a satellitebroadcast.

FIG. 7 shows the general construction of a content distribution system100. The content distribution system 100 shown in FIG. 7 comprises acontent provider 200 formed of a program production company forproducing/providing content or a consignor broadcaster, a satellitebroadcast consignee broadcaster (hereinafter referred to simply as a“broadcasting station”) 300 for distributing the produced/providedcontent by using satellite broadcast waves, and acontent-distribution-compatible satellite broadcast receiver 400(hereinafter referred to simply as a “content receiver”), disposed ineach ordinary household. The broadcast receiver 400 is typicallyconnected to a television (TV) 450 for outputting audio and video.

Between the content provider 200 and the broadcasting station 300, aconsignment contract concerning content production/provision isexchanged, and the content produced by the content provider 200 (orobtained from an external content provider) is provided to thebroadcasting station 300. The broadcasting station 300 encrypts thecontent, and causes this content to be carried as satellite broadcastwaves and distributes the content to the broadcast receiver 400 withineach household.

The content provider 200 may have a contract with an organization whichis dedicated to settlements, such as an external management center 202,which manages content billing, which is independent of a programproduction company 201 as a content producer. In such a case, thecontent provider 200 entrusts a key for encrypting content to themanagement center 202, and the management center 202 passes the contentsales information.

The management center 202 may further be linked with an externalcertificate authority 250 and another settlement organization.Furthermore, the management center 202, which is connected periodicallyor non-periodically to an individual broadcast receiver 400, distributesto the broadcast receiver 400 key information for allowing encryptedcontent to be used. The broadcast receiver 400 uses the distributed keyinformation in order to decrypt the encrypted content which is receivedvia a broadcasting satellite 301 in accordance with the RMPspecification description, so that the content is used. Furthermore, thebroadcast receiver 400 has built therein a large-capacity externalstorage device, such as a hard disk device, so that the received contentcan be stored.

Also, billing information, such as a content playback log, is sent fromthe broadcast receiver 400 to the program production company 201. Theuser on the broadcast receiver 400 side needs only to settle the billamount corresponding to the number of times the content is used monthlywith the management center. The settlement method may be any one of acash payment, a transfer to a predetermined financial institution, acredit settlement using a credit card, an instant settlement using adebit card, and the use of electronic money.

FIG. 8 schematically shows the construction of a broadcasting station300 for producing and distributing content. A description will now begiven below of how encryption is performed during content distributionwith reference to FIG. 8.

A content encryption section 311 encrypts content, such as video andmusic, provided from a content provider, by using a content key Kc.However, it is assumed that the content provided from the contentprovider has been subjected to rights processing by the contentprovider, including encryption conforming to the RMP specificationdescription.

A content-key encryption section 312 encrypts the content key Kc using adistribution key KD.

A multiplexer 313 multiplexes encrypted content input from the contentencryption section 311 together with the encrypted-content key inputfrom the content-key encryption section 312 in order to create atransport stream TS. The transport stream is a data stream in whichmetadata and the encrypted-content key are added to the encryptedcontent.

A CAS scrambler 314 scrambles, that is, decomposes the transport streamso that a conditional reception is made on the broadcast receiver 400.The contract information, the scrambling key, etc., in the CAS are, forexample, encrypted by an encryption device (not shown) and are carriedas broadcast waves, so that they can be transmitted to the broadcastreceiver 400.

FIG. 9 schematically shows the construction of an example contentreceiver 400A for receiving distributed content which is carried asbroadcast waves. The content receiver 400A shown in FIG. 9 is of a typein which, after the received content is temporarily stored in apredetermined local storage device such as a hard disk, purchasing ofcontent is decided. Referring to FIG. 9, the content receiver 400A willbe described below.

A CAS descrambler 411 descrambles the data received from the front-endsection (not shown) by using a scrambling key obtained from thebroadcasting station 300, and plays back the transport stream.

A demultiplexer 412 demultiplexes the transport stream into theencrypted content and the encrypted-content key. After thedemultiplexing, these are temporarily stored in a hard disk device 413Aso as to be kept in a state before rights processing.

An RMP module 420 may be implemented in the form of any one of ahardware module and a software module. When the content stored in thehard disk device 413A is to be purchased, it is assumed thatcorresponding rights processing metadata is first read, RMPidentification information (RMP ID) is detected therefrom, and anappropriate RMP module is operating selectively.

The RMP module 420 connects with the management center 202 with which acontract concerning a contract purchase is exchanged (or a user accountis obtained) in order to purchase a content distribution key KD. Acontent-key decryption section 421 extracts an encrypted-content keyfrom the rights processing metadata, and decrypts this key using thedistribution key KD in order to obtain a content key Kc. A content-keyreencryption section 422, which follows, reencrypts the content key Kcby using a content storage key Ks which is specified by the RMP module420.

The purchased encrypted content is transferred, together with thereencrypted content key, from the hard disk device 413A to a hard diskdevice 413B. However, the hard disk devices 413A and 413B need not bedevices which are physically independent of each other, and may bestorage areas (for example, partitions) which are separated betweenbefore rights processing (before purchasing) and after rights processing(after purchasing) within the same hard disk.

The RMP module 420 stores, as billing data, a processing log such aspurchasing of the distribution key KD for content to be purchased, andtransfer of the purchased content. Then, the RMP module 420 connectsperiodically or non-periodically to the management center 202 andtransfers billing data.

FIG. 10 schematically shows the construction of another example contentreceiver 400B for receiving distributed content which is carried asbroadcast waves. The content receiver 400B shown in FIG. 10 is of a typein which, after received content is stored temporarily in a localstorage device such as a hard disk, the content is played back. Thecontent receiver 400A also functions as a playback device for playingback encrypted content which is purchased/stored by the above-describedcontent receiver 400A. Referring to FIG. 10, the content receiver 400Bwill now be described below.

In a hard disk device 433 are stored content which is encrypted usingthe content key Kc specified by an RMP module 440, and anencrypted-content key which is encrypted using a content storage key Ksspecified by the RMP module 440.

When content is to be purchased, a content-key decryption section 441reads the corresponding encrypted-content key from the hard disk device433, and decrypts this key using the specified storage key Ks in orderto obtain a content key Kc.

A content decryption section 442 reads encrypted content which isdesired to be purchased from the hard disk device 433, and decrypts thiscontent using the decrypted content key Kc in order to play back theoriginal content such as video or music.

An APS processing section 443 performs a content protection process,such as macrovision or CGMS-A, on analog output signals such as videosignals, and, thereafter, sends the signals, as playback content, to anoutput device such as a television (not shown).

According to such a content receiver 400A as that shown in FIGS. 9 and10, it is possible for the content provider to distribute content by anencryption system which is independent of CAS. More specifically, sincethe encryption system is a content distribution system which isindependent of CAS, it is possible to perform a billing process for acontent purchase on a common platform across different CAS systems(different broadcasters). In this case, the CAS is merely a contentdistribution path. The content is stored in a local storage device suchas a hard disk device so as to be kept in an encrypted state. Since,when purchasing, a key for decrypting content is changed from thecontent key Kc to the storage key Ks, thereafter, playback is possibleat any given time on the same content receiver 400A. Also, since a logfor billing during a content purchasing process is created, and the logis transmitted to the management center 202 periodically ornon-periodically, it is possible to reliably perform billing andsettlement with respect to content users.

FIG. 11 shows, in a flowchart, an example of a processing procedure forstoring received content in a hard disk device 413A, in such a contentreceiver 400A as that shown in FIG. 9. The received content is basicallystored so as to be kept as before rights processing. A description willnow be given below of a content storing process in accordance with thisflowchart.

Initially, it is checked whether or not a program desired to be reservedby a user of the content receiver 400A is determined (that is, whetheror not a reservation is set) (step S21).

When a program desired to be reserved has already been decided, forexample, in the case of a digital broadcast, an EPG (Electronic ProgramGuide) is extracted from data for a data broadcast, and a program to bereserved is selected on the basis of the EPG (step S22). Then, a time tobe reserved (a broadcasting duration), a channel, etc., are set (stepS23).

Next, based on a preference input (step S24) from the user, apredetermined search engine automatically selects a program whichmatches the preference (step S25). Then, a time to be reserved (aduration), a channel, etc., are set (step S26).

In response to the reserved start time being reached or the selectedprogram ID being received, the received content is automatically storedin the hard disk device (step S27).

FIG. 12 schematically shows the construction of another example contentreceiver 400C for receiving distributed content which is carried asbroadcast waves. The content receiver 400C shown in FIG. 12 is of a typein which a CAS module for a satellite broadcast, which is formed as anIC card, that is, a BS-CAS IC card, is contained, and after the receivedcontent is temporarily stored in the hard disk device, a satellitebroadcast is conditionally received and is viewed on the basis of theCAS system. Referring to FIG. 12, the content receiver 400C will now bedescribed below.

Data content received by a front-end section (not shown) is temporarilystored in a large-capacity storage device such as a hard disk device 453so as to be kept in a state before rights processing and as beingscrambled by CAS.

The rights processing for the received content is performed by an RMPmodule 460. The RMP module 460 may be implemented in the form of any oneof a hardware module and a software module. It is assumed that, whencontent stored in the hard disk device 453 is to be purchased,corresponding rights processing metadata is read, RMP identificationinformation (RMP ID) is detected, and an appropriate RMP module isselectively operated. In the example shown in FIG. 12, the CAS moduleprovided as an IC card constitutes a part of the RMP module 460.

When the stored content is to be played back, the corresponding rightsprocessing metadata is read from the hard disk device 453.

The rights processing metadata contains an ECM (Entitlement ControlMessage) and an EMM (Entitlement Management Message). The ECM is suchthat a scrambling key Ksc for decrypting a CAS scramble is encrypted.Also, the EMM is such that a work key for decrypting the ECM isencrypted together with contract contents, such as a contract period,and the message.

A decryption section 462 decrypts the EMM using a master key Km recordedon the BS-CAS IC card in order to obtain a work key and contractinformation. Next, a decryption section 461 decrypts the ECM using thework key in order to obtain a scrambling key Ksc.

A determination section 464 verifies the validity of the contentreceiver 400C on the basis of the contract information obtained by thedecryption section 462. When it is determined that the content receiver400C is valid, the scrambling key Ksc is supplied to a decryptionsection 465.

The received content stored in the hard disk device 453 is scrambled inadvance by a method, such as Multi2, on the basis of CAS. The decryptionsection 465 extracts content desired to be played back, that is, desiredto be viewed, from the hard disk device 453, and performs a descramblingprocess thereon using the scrambling key Ksc.

An APS processing section 466 performs a content protection process suchas macrovision and CGMS-A on analog output signals such as videosignals, and, thereafter, sends the signals, as playback content, to anoutput device such as a television (not shown).

On the other hand, the contract information obtained by the decryptionsection 462 is stored in a pay-per-view (PPV) data storage section 463.The RMP module 460 connects with the management center 202 periodicallyor non-periodically, and transfers PPV data. The management center 202can perform a billing process with respect to content users on the basisof the PPV data.

According to the construction of the content receiver 400C shown in FIG.12, CAS can be directly used to bill the stored content. The contentwhich is encrypted in accordance with the CAS is stored so as to be keptin an encrypted state, in the hard disk device. By decrypting the EMMand the ECM using the master key Km used in CAS, the stored content canbe decrypted. At that time, the fact that encryption is decrypted isrecorded as a billing log. By transmitting such a billing log to themanagement center periodically or non-periodically, it is possible toreliably perform a billing with respect to content users.

FIG. 13 schematically shows the construction of another example contentreceiver 400D for receiving distributed content which is carried asbroadcast waves. The content receiver 400D shown in FIG. 13 is of a typein which a CAS module for a satellite broadcast, which is formed into anIC card, that is, a BS-CAS IC card, is contained, and after a satellitebroadcast is conditionally received on the basis of the CAS system andis CAS-descrambled, the satellite broadcast is reencrypted and is storedin the hard disk device. Referring to FIG. 13, the content receiver 400Dwill now be described below.

The rights processing for the received content is performed by an RMPmodule 480. The RMP module 480 may be implemented in the form of any oneof a hardware module and a software module. It is assumed that, whencontent is received by a front-end section (not shown), correspondingrights processing metadata is read, RMP identification information (RMPID) is detected, and an appropriate RMP module is selectively operated.In the example shown in FIG. 13, the CAS module provided as an IC cardand a secure module for protecting content to be stored in the hard diskdevice constitute a part of the RMP module 480. The secure moduleperforms a process for reencrypting content to be stored in the harddisk device and a process for decrypting encryption during playback.

Of the data content received by the front-end section (not shown), therights processing metadata is input to the CAS module, that is, theBS-CAS IC card.

The rights processing metadata contains an ECM (Entitlement ControlMessage) and an EMM (Entitlement Management Message). A decryptionsection 482 decrypts the EMM using a master key Km recorded on theBS-CAS IC card in order to obtain a work key and contract information.Next, a decryption section 481 decrypts the ECM using the work key inorder to obtain a scrambling key Ksc. Also, the contract informationobtained by the decryption section 482 is stored in a PPV data storagesection 483.

A determination section 484 verifies the validity of the contentreceiver 400D on the basis of the contract information obtained by thedecryption section 482. When it is determined that the content receiver400D is valid, the scrambling key Ksc is supplied to a decryptionsection 485.

The decryption section 485 performs a descrambling process on receivedcontent by using the scrambling key Ksc and outputs the content to thesecure module.

In the secure module, an encryption section 487 reencrypts content afterCAS descrambling by using a content storage key Kst which is specific tothe content receiver 400D, and stores the content in a hard disk device473.

When the content stored in the hard disk device 473 is to be playedback, that is, to be viewed, the encrypted content is read from the harddisk device 473 and is decrypted by a decryption section 488 using thecontent storage key Kst. Then, an APS processing section 489 performs acontent protection process, such as macrovision or CGMS-A, on analogoutput signals such as video signals, and, thereafter, sends thesignals, as playback content, to an output device such as a television(not shown).

Also, in the secure module, rights processing metadata is extracted fromthe content after CAS descrambling, and is stored as billing data.

The RMP module 480 connects with the management center 202 periodicallyor non-periodically, and transfers PPV data stored in the CAS module andbilling data stored in the secure module. The management center 202 canperform a billing process with respect to content users on the basis ofthe PPV data.

According to the content receiver 400D constructed as shown in FIG. 13,content which is distributed according to the CAS system can bereencrypted and stored in the hard disk device. During reencryption,encryption is performed using a content storage key Kst having a keystructure differing from the scrambling key Ksc used in CAS. When theencrypted content stored in the hard disk device is to be played back, abilling log is created each time the content is played back and istransmitted to the management center 202 periodically ornon-periodically, so that billing with respect to a content user isperformed. CAS can also be integrally formed with the RMP module.

While the present invention has been described with reference to whatare presently considered to be the preferred embodiments, it is to beunderstood that the invention is not limited to the disclosedembodiments. On the contrary, the invention is intended to cover variousmodifications and equivalent arrangements included within the spirit andscope of the appended claims. The scope of the following claims is to beaccorded the broadest interpretation so as to encompass all suchmodifications and equivalent structures and functions.

1. A content receiving method, comprising: receiving content by one ormore electronic processing devices, the content distributed inaccordance with one of a plurality of rights management and protectionmethods; receiving rights indicia relating to the content by the one ormore electronic processing devices; identifying one of the plurality ofrights management and protection methods by the one or more electronicprocessing devices through which the received content is distributed;determining whether the one or more electronic processing devices isoperable to perform rights processing in accordance with the identifiedrights management and protection method; when the one or more electronicprocessing devices is operable to perform the identified rightsmanagement and processing method, using the received rights indicia bythe one or more electronic processing devices to perform rightsprocessing of the received content in accordance with the identifiedrights management and protection method to permit or deny access to thereceived content; and when the one or more electronic processing devicesis not operable to perform the identified rights management andprocessing method, a) using a processing ability of the one or moreelectronic processing devices to automatically alter the one or moreelectronic processing devices to be operable to perform the identifiedrights management and processing method and b) using the received rightsindicia by the altered one or more electronic processing devices toperform rights processing of the received content in accordance with theidentified rights management and protection method to permit or denyaccess to the received content.
 2. A content receiving method accordingto claim 1, wherein the plurality of rights management and protectionmethods specify indispensable items for purchasing and using thecontent, the items including a content encryption method, a keydistribution method, a content decryption method, a billing informationand keys transmission method, recording medium control information, amutual authentication method, at least one of an analog protectionsystem of macrovision and a copy generation management system, andviewing limitation information.
 3. A content receiving method accordingto claim 1, further comprising externally acquiring a rights managementand protection module selected based on the identified rights managementand protection method, and performing the rights processing of thereceived content using the selected rights management and protectionmodule.
 4. A content receiving method according to claim 1, wherein,when the one or more electronic processing devices is not operable toperform the identified rights management and processing method, saidstep of using a processing ability of the one or more electronicprocessing devices to automatically alter the electronic processingdevice includes automatically creating a rights management andprotection module selected based on the identified rights management andprotection method.
 5. A content receiving method according to claim 1,further comprising storing the received content.
 6. A content receivingmethod according to claim 1, further comprising storing the receivedcontent before performing the rights processing.
 7. A content receivingmethod according to claim 1, further comprising storing the receivedcontent after performing the rights processing.
 8. A content receivingmethod according to claim 1, wherein the receiving step includesreceiving the content encrypted by a predetermined key, the methodfurther comprising: decrypting the encrypted content; reencrypting thedecrypted content using another key; and storing the reencryptedcontent.
 9. A content receiving method according to claim 1, wherein thereceiving step includes receiving the content encrypted by apredetermined key and receiving the predetermined key encrypted by asecond key, the method further comprising: decrypting the encryptedpredetermined key; reencrypting the decrypted key using another key; andstoring the reencrypted key together with the encrypted content.
 10. Acontent receiving method according to claim 1, further comprisingstoring a log regarding rights processing of the received content.
 11. Acontent receiving method according to claim 1, further comprisingperforming an analog protection system process on a playback signalobtained by processing the received content after performing the rightsprocessing based on the identified rights management and protectionmethod, and externally outputting the processed playback signal.
 12. Acontent receiving method according to claim 1, further comprisingencrypting the received content after performing the rights processingand externally outputting the encrypted content.
 13. A content receivingmethod as claimed in claim 1, further comprising determining whethersaid processing ability is sufficient to perform said step of using theprocessing ability of the one or more electronic processing devices toautomatically alter the one or more electronic processing devices whenthe one or more electronic processing devices is not operable to performthe identified rights management and processing method, andautomatically altering the one or more electronic processing devicesonly when the processing ability is determined to be sufficient.